diff --git a/application/controllers/AuthenticationController.php b/application/controllers/AuthenticationController.php
index 352bf6c95..425443312 100644
--- a/application/controllers/AuthenticationController.php
+++ b/application/controllers/AuthenticationController.php
@@ -68,7 +68,18 @@ class AuthenticationController extends Controller
             // Call provided AuthenticationHook(s) when login action is called
             // but icinga web user is already authenticated
             AuthenticationHook::triggerLogin($this->Auth()->getUser());
-            $this->redirectNow($this->params->get('redirect', $form->getRedirectUrl()));
+
+            $redirect = $this->params->get('redirect');
+            if ($redirect) {
+                $redirectUrl = Url::fromPath($redirect, [], $this->getRequest());
+                if ($redirectUrl->isExternal()) {
+                    $this->httpBadRequest('nope');
+                }
+            } else {
+                $redirectUrl = $form->getRedirectUrl();
+            }
+
+            $this->redirectNow($redirectUrl);
         }
         if (! $requiresSetup) {
             $cookies = new CookieHelper($this->getRequest());
diff --git a/application/forms/Authentication/LoginForm.php b/application/forms/Authentication/LoginForm.php
index 8a71ecf55..87b32ab3c 100644
--- a/application/forms/Authentication/LoginForm.php
+++ b/application/forms/Authentication/LoginForm.php
@@ -10,6 +10,7 @@ use Icinga\Application\Logger;
 use Icinga\Authentication\Auth;
 use Icinga\Authentication\User\ExternalBackend;
 use Icinga\Common\Database;
+use Icinga\Exception\Http\HttpBadRequestException;
 use Icinga\User;
 use Icinga\Web\Form;
 use Icinga\Web\RememberMe;
@@ -119,10 +120,17 @@ class LoginForm extends Form
         if ($this->created) {
             $redirect = $this->getElement('redirect')->getValue();
         }
+
         if (empty($redirect) || strpos($redirect, 'authentication/logout') !== false) {
             $redirect = static::REDIRECT_URL;
         }
-        return Url::fromPath($redirect);
+
+        $redirectUrl = Url::fromPath($redirect);
+        if ($redirectUrl->isExternal()) {
+            throw new HttpBadRequestException('nope');
+        }
+
+        return $redirectUrl;
     }
 
 /**
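Review bot: The rejection at `$this->httpBadRequest('nope');` only prevents the redirect if httpBadRequest() throws; should it merely emit a response and return, execution falls through to `$this->redirectNow($redirectUrl);` with the external URL still in `$redirectUrl`, so the safe shape is to perform the redirect inside the non-external branch (or `return` right after the rejection) rather than rely on that method's throwing behaviour. The message `'nope'` gives an operator reviewing logs nothing to act on; the same string is thrown in LoginForm::getRedirectUrl() in the second file, and both could read `'Redirecting to an external URL is not permitted'`. The whole check delegates to `Url::isExternal()`, which is not shown here, so whether it classifies protocol-relative (`//host/...`) and scheme-less host forms as external should be confirmed rather than assumed. The enclosing action method starts and ends outside the hunk.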
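Review bot: getRedirectUrl() now throws on an external target, but its docblock (above the hunk) presumably still documents only the return value; add `@throws HttpBadRequestException If the requested redirect points to an external URL` so callers such as AuthenticationController know to expect it. The URL here is built as `Url::fromPath($redirect)` with no request, while the controller hunk uses `Url::fromPath($redirect, [], $this->getRequest())`; if `isExternal()` depends on the request's base URL, the two checks can disagree on the same input, so confirm and align the two call forms. The method's signature and docblock lie outside the hunk.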